CVE-2018-11094

Published: 2018-05-15T19:29Z

Last Modified: 2024-11-21T03:42Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt